References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

CWE-79

https://github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438189b0e

https://github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0aeb151

https://github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb468767be

https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4